[105866] in North American Network Operators' Group
Re: updating & checking DNS zone files
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Sun Jul 6 15:45:41 2008
Date: Sun, 06 Jul 2008 21:45:13 +0200
From: Jeroen Massar <jeroen@unfix.org>
To: "Jay R. Ashworth" <jra@baylink.com>
In-Reply-To: <20080706155232.GA16153@cgi.jachomes.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1B39188222DD47EA4D728B57
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Jay R. Ashworth wrote:
> On Sat, Jul 05, 2008 at 04:07:28PM -0500, travis+ml-nanog@subspacefield=
=2Eorg wrote:
>> Apart from using Bernstein's tinydns, anyone have any scripts
>> for looking for problems in zone files or for incrementing the
>> serial number reliably?
>=20
> Well, all my networks are tiny, and I've only recently started having
> to stir DNS zones again, but named-checkconf seems to give good hints.
>=20
> There are also some public-facing things at domtools.com, and of course=
> dnsreport.com... but I see DNSreport went for-pay.
http://www.ZoneCheck.fr
Of course not one is the full-check, thus you'll have to combine a=20
couple of them or write your own check.
I (well the script ;) also check the delegations from the root down and=20
verify that all the nameservers in that tree think that they are the=20
same SOA-wise and delegation-wise. You'll be astonished how often things =
break up in the tree that can cause rather odd and not easily found=20
failures otherwise.
Greets,
Jeroen
--------------enig1B39188222DD47EA4D728B57
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIcSDOKaooUjM+fCMRAvzHAJ4iJFvTFN58gx1aTyGmdUPaspUEgwCfb4Xg
P3ZOQCCe1nnwh6/57R7Tb/I=
=/HnR
-----END PGP SIGNATURE-----
--------------enig1B39188222DD47EA4D728B57--
